DETAILED ACTION

Claims 1-17 and 19-30 are pending. Claims 1, 23, and 30 are currently amended.

Response to Arguments

Applicant's arguments filed 12/06/2007 have been fully considered but they are 
not persuasive. In regards to claim 1, the examiner rejected all of the limitations of the
claim including the limitation "wherein said desired new server configuration for said 
new server instance is selected from a plurality of new server configurations." Examiner 
mentioned "Gong... does not disclose selecting said new server instance from a 
plurality of new server configurations", but in regards to the context of the claim and the 
motivation to combine the references, it is clear that the examiner intended that Gong 
does not disclose selecting a new server configuration from a plurality of server
configurations in a database or a table. Examiner disagrees with the assertion that 
"Gong does not disclose selecting said new server instance from a plurality of new 
server configurations" based on the reasoning above and the following rejection.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language.

Claims 1-8, 13-17, and 23-30 are rejected under 35 U.S.C. 102(e) as being
anticipated by Gong et al. hereafter Gong (US 7,076,801).

Regarding claims 1, 23, and 30:

Gong discloses a method for automated adaptive reprovisioning of servers under 
security assault, the method comprising: 

detecting a security assault or a possible security assault on a first server 
(column 6 lines 63-67; intrusion sensors 50 detect signs of attack in the network and its 
components); and 

reprovisioning by automatically creating a new server instance with a desired 
new server configuration to perform at least one of the tasks performed by said first 
server, wherein said desired new server configuration for said new server instance is 
selected from a plurality of new server configurations available for said first server 
(column 7 lines 30-43, the adaptive reconfigurer 60 generates new configurations for 
the system as necessary and may include changing the level of access control, degrees 
of redundancy or isolation, increased sensitivity, or alerting network components). 

Regarding claims 2 and 24: 

Gong discloses the method of claims 1 and 23, wherein said detecting comprises 
determining if said first server is a candidate for reprovisioning, because of properties or 
behavior that suggest its security has been compromised or is likely to be compromised, 
or its functioning otherwise unacceptably impaired, by a security assault (column 7 lines 
30-43, the adaptive reconfigurer evaluates any intrusion threats, compares them to the
tolerance objectives and any cost or performance impact, and generates new
configurations). 

Regarding claims 3 and 25: 

Gong discloses the method of claims 1 and 23, wherein said reprovisioning 
comprises automatically bringing up said new server instance, or otherwise making
available said new server instance to customers or other users of said first server 
(column 7 lines 54-66, functions and resources devoted to nonessential services can be 
reallocated to the delivery of essential services (creating a new server instance), making 
users unaware of a degradation). 

Regarding claims 4 and 26: 

Gong discloses the method of claims 1 and 23, further comprising bringing down 
said first server prior to said reprovisioning (column 7 lines 37-43, isolation is 
considered by examiner as bringing down the first server (the server under attack) as 
the server is no longer available to the clients).

Regarding claims 5 and 27: 

Gong discloses the method of claims 1 and 23, wherein said new server instance
brought up in said reprovisioning differs from said first server in at least one parameter
(column 7 lines 30-53, any alteration to the previous configuration of the server instance 
causes the new server instance to differ in at least one parameter).

Regarding claims 6 and 28:

Gong discloses the method of claims 1 and 23, wherein a difference between 
said new server instance and said first server is responsive to whether or not other
security incidents have been detected in a network to which said servers are coupled
(column 7 lines 30-37, using the information it receives from the intrusion sensors, 
acceptance monitors, ballot monitors and proxy servers, the reconfigurer generates new 
configurations as necessary; column 5 line 60-column 6 line 6, the ballot monitors 
receive results of the applied acceptance test and determine a preferred response
based on the current level of detected security and the designated intrusion tolerance 
strategy). 

Regarding claims 7 and 29: 

Gong discloses the method of claims 1 and 23, wherein a difference between 
said new server instance and said first server is responsive to a nature of any other 
security incidents that have been detected in said network to which said servers are 
coupled (column 7 lines 30-37, the configurer receives information from intrusion 
sensors, acceptance monitors, ballot monitors, and proxy servers and generates new 
configurations as necessary). 

Regarding claim 8: 

Gong discloses the method of claim 1, wherein a difference between said new
server instance and said first server is responsive to a probable compromise or a 
functional impairment observed in said detection (column 7 lines 46-53, the configurer is 
capable of reconfiguring the network connections in response to a predetermined 
condition to support a desired security level. This may be triggered by the intrusion 
sensor or set in advance if a hostile environment is anticipated (probable compromise)). 

Regarding claim 13:

Gong discloses the method of claim 1, wherein a difference between said new
server instance and said first server includes a degree of function offered to users by 
said servers (column 7 lines 30-43, configurer changes the level of access control 
imposed on clients). 

Regarding claims 14 and 15:

Gong discloses the method of claim 1, wherein said new server instance brought
up in said reprovisioning differs from said first server only if more than a fixed number of 
instances of probable server compromise have been observed and wherein a difference 
between said new server instance and said first server is responsive to a number of 
probable server compromises that have been observed (column 7 lines 30-37, based on 
the information received the reconfigurer generates new configurations for the system; it 
is inherent that there is at least one or more instances that cause a new configuration). 

Regarding claim 16: 

Gong discloses the method of claim 1, wherein said server comprises a
computer providing services through a network (figure 1 and column 4 lines 6-10, the 
proxy servers represent public access points to clients via communication lines 4). 

Regarding claim 17: 

Gong discloses the method of claim 1, wherein said server comprises a program
running on a network-coupled computer, providing services through a network (column 
4 lines 6-10, services such as military command and control or a transaction processing 
system for an e-commerce site; it is inherent that servers are a computer consisting of a 
processor, volatile storage, and a non-volatile storage device).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 9-12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gong as applied to claim 1 above, and further in view of Agha. 

Gong discloses the method of claim 1, but does not teach the difference between said
new server instance and said first server includes a version of operating system 
software used by said servers. Agha teaches updating program code wherein program 
code "generally includes the operating system of the computer system, as well as any 
lower-level program code utilized by the computer system, including microcode, basic 
input/output system (BIOS) program code, kernel program code, startup program code, 
etc" (Agha, column 1 lines 18-22). Changing strength of encryption would have been 
obvious to one of ordinary skill in the art in order to further protect the server's incoming 
and outgoing communications. It would have been obvious to one of ordinary skill in the 
art to combine the reprovisioning method of Gong with the method for updating program 
code of Agha in order to update the system (Agha, column 1 lines 6-9). 

Claims 19-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gong as applied to claim 1 above, and further in view of Burnett. 

Gong discloses the method of claim 1, but does not disclose selecting said new
server instance from a table or database of a plurality of new server configurations.
Burnett discloses selecting a configuration from a configuration database, 135, in
paragraph 0049. Using a table and randomly selecting the configuration are obvious 
variations of selecting the new server configuration and one of ordinary skill in the art 
could have used one method over the other with predictable results to one of ordinary 
skill in the art at the time of invention. Examiner interprets claim 22 as selecting from a 
table after a number of times a server has been subject to probable compromise (in the 
reference, the number of times is equal to one). It would have been obvious to one of 
ordinary skill in the art to combine the method of Gong for reprovisioning a server with 
selecting a configuration from the configuration database of Burnett in order to store all 
of the configurations. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JAMES TURCHEN whose telephone number is 
(571)270-1378. The examiner can normally be reached on MTWRF 7:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kristine Kincaid, can be reached on (571)272-4063. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

JRT 

/Kristine Kincaid/ 

Supervisory Patent Examiner, Art Unit 2139 



